teabot | 5c9f960e9236fd71f0ca5edea0c40d8c4aede4caf462fd1eab46f7e672f4016b

Analysis

max time kernel
1520349s
max time network
153s
platform
android_x86_64
resource
android-x86_64
submitted
11-05-2021 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

garage.salt.wet.apk
Size

4.1MB
MD5

c23dbf548359b38d7603c03996c5f002
SHA1

be058435289ce6a74060577286b68378637dab5b
SHA256

5c9f960e9236fd71f0ca5edea0c40d8c4aede4caf462fd1eab46f7e672f4016b
SHA512

7796477eae42a17251919f389febaf14e894e53b87473a902087a945abc2e3f36fc1780c0ee9aaacaf210ff434981a39ec34d7de6f054331cc453d2b426dfe39

Score

10^/10

teabot banker infostealer obfuscation trojan

Malware Config

Signatures

TeaBot
TeaBot is an android banker first seen in January 2021.
banker trojan infostealer teabot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

garage.salt.wet

ioc	pid	process
/data/user/0/garage.salt.wet/app_DynamicOptDex/Tm.json	3605	garage.salt.wet
/data/user/0/garage.salt.wet/app_DynamicOptDex/Tm.json	3605	garage.salt.wet

Uses reflection 28 IoCs

obfuscation

Processes:

garage.salt.wet

description	pid	process
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method android.content.res.AssetManager.addAssetPath	3605	garage.salt.wet
Invokes method android.app.ContextImpl.getAssets	3605	garage.salt.wet
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method android.content.res.AssetManager.open	3605	garage.salt.wet
Invokes method java.io.FilterInputStream.read	3605	garage.salt.wet
Invokes method java.io.FilterInputStream.read	3605	garage.salt.wet
Invokes method java.io.BufferedInputStream.read	3605	garage.salt.wet
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method java.io.BufferedInputStream.close	3605	garage.salt.wet
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method java.lang.String.getBytes	3605	garage.salt.wet
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method java.io.FileOutputStream.write	3605	garage.salt.wet
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method java.io.BufferedInputStream.close	3605	garage.salt.wet
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method java.io.FilterOutputStream.close	3605	garage.salt.wet
Invokes method android.app.ActivityThread.currentActivityThread	3605	garage.salt.wet
Acesses field android.app.ActivityThread.mPackages	3605	garage.salt.wet
Invokes method java.lang.reflect.Field.get	3605	garage.salt.wet
Invokes method java.lang.Object.getClass	3605	garage.salt.wet
Invokes method java.lang.ref.Reference.get	3605	garage.salt.wet
Invokes method java.lang.ref.Reference.get	3605	garage.salt.wet
Acesses field android.app.LoadedApk.mClassLoader	3605	garage.salt.wet
Invokes method java.lang.reflect.Field.get	3605	garage.salt.wet
Acesses field android.app.LoadedApk.mClassLoader	3605	garage.salt.wet
Invokes method android.os.SystemProperties.get	3605	garage.salt.wet

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads